
Security essentials: What to include in employee training

Recently, the Ponemon Institute released its annual Patient Privacy and Data Security Study, which illuminated a surprising fact about data breaches. Although many administrators and employees may believe that cybercriminal activity like malware infections is the top cause of data loss, it is in fact the workers themselves who leave the business vulnerable. HealthIT Security reported that 75 percent of the study's participants pointed to employee negligence as the greatest security threat leading to a data breach.

For this reason, it is absolutely vital that organizations train their staff on the best practices for information security. This can seem a daunting task for many decision makers, as there is no one-size-fits-all security training program. Elements like the technology utilized by the business, the data being stored and utilized and the resources employees are granted access to can all shape the training being given to the workforce. However, there are some essential points that every group should include in their security training program, including the following:

Details about the security components in place
One of the first aspects that should be addressed in the training program is making employees aware of the security measures in place within the enterprise. This step does not need to be an all-encompassing, detailed explanation of every safeguard deployed by the company, but can be a summary of the critical elements. For instance, administrators can alert employees to any monitoring tools in place, as well as SSL certificates or encryption technology being utilized to protect sensitive data.

Best practices for securing individual workstations
The National Cyber Security Alliance also suggested going over the strategies employees should leverage to ensure the protection and best use of their individual workstations. As many organizations provide a desktop computer and other hardware for staff, it is important to go over best practices for the utilization of this hardware to prevent the devices from becoming exploitable weak points in the company's security. For instance, training managers should discuss passwords and authentication credentials, backing up projects and critical resources and techniques to avoid malware infection. Training should also include guidelines for what workers are allowed to store or launch on their work devices.

"Your company should have clear rules for what employees can install and keep on their work computers," NCSA stated. "Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network."

Internet and email usage
Travelers advised including information on the usage of company Internet and email resources. As these can be sources of malicious content, employees should be trained to avoid suspicious websites, links or messages. For example, workers should know not to open emails from unknown senders, or messages that appear odd or are flagged by the group's anti-virus program.

What signals an infection or breach
Last but not least, organizations should also educate their staff on signs that can point to a malware infection or breach in progress. This can include a host of different indicators, including suspicious activity like underperforming devices or resources being repeatedly accessed. Once employees understand what to look for, they can alert supervisors to the activity and allow for a quicker response to mitigate the threat.
